LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

What is a side-channel attack, and how does Simple Power Analysis (SPA) recover an RSA key?

A side-channel attack reads information that leaks from the physical implementation — power consumption, timing, electromagnetic emissions, cache state, acoustic noise — rather than from the math of the cipher.

The RSA example: a textbook square-and-multiply exponentiation loops over the exponent's bits. On a "0" bit it only squares; on a "1" bit it squares and multiplies. Square and multiply consume slightly different amounts of electrical power.

for each bit b of key d:
    result = result^2 mod n             # squaring (always)
    if b == 1:
        result = result * base mod n    # multiplication (only if 1)

An attacker hooks an oscilloscope to the chip's power line, sees a long sequence of power-traces, and the bit pattern of the private key falls out directly — no math required.

Other classic side channels:

  • Timing — operation duration leaks data (Kocher 1996; Lucky 13 against TLS-CBC).
  • Cache — Spectre/Meltdown, Flush+Reload, Prime+Probe on AES T-tables.
  • EM — TEMPEST against monitors; reading laptop keys from across the room.
  • Acoustic — Genkin/Shamir/Tromer extracted RSA keys from CPU coil whine.

Defenses: constant-time code (no data-dependent branches or memory accesses), blinding (randomise inputs to RSA so traces don't correlate with the key), masking (mix the secret with random values during computation), and physical shielding.

Tip: Side channels are why "the math is unbroken" is not the same as "the system is secure." Real-world AES extractions have all come from side channels, not from breaking AES itself.

From Quiz: ISF / Symmetric Cryptography | Updated: May 31, 2026